on 06-16-2009 4:19 PM
Hello Experts,
We have recently installed SAP CRM 7.0. While Login to WEB UI, they system is asking for user id and password for atleast four times.
We get the warning "SSO logon not possible; no logon ticket due to incorrect configuration". Choose "Logon" to continue A dialog box appears in which you can enter your user and password".
When we enter the user ID and Password second time, it redirects to weblink saying
"There is a new way of starting SAP CRM; adjust your favorites
You can use the following link:
http://<hostname.domain>:8000/sap/crm_logon?sap-client=100 "
When we click on the link it again asks for user name and password. We get the same warning as mentioned earlier "SSO logon not possible; no logon ticket due to incorrect configuration".
After entering user id and password we get the business role screen. It again asks for the user ID and Password(fourth time).
We have the profile parameters:
login/accept_sso2_ticket-->1
login/create_sso2_ticket-->2
We have also installed SAP crtypo.dll.
Please advice. Your suggestions are highly appreciated.
Regards,
Dave.
Dave,
Well a few more items to check would be:
icm/HTTPS/verify_client = 0
ssf/name = SECLIB
ssf/ssfapi_lib = <path to sapcrypto.dll>
sec/libsapsecu = <path to sapcrypto.dll>
ssl/ssl_lib = <path to sapcrypto.dll>
verify the server ports:
icm/server_port_0 = PROT=HTTP,PORT=<unsecure port>
icm/server_port_1 = PROT=HTTPS,PORT=<secure port>
If you are running on unix then you need to use a port above 1024 or have to do a special binding procedure to use ports below 1024. In addition installing the crypto library requires an instance restart to take effect. You'll also want to verify the /sap/crm_logon alias is using the standard login procedure. On the error pages tab, you'll want to change the System Login configuration to use SSL.
In addition check your FQDN settings on your CRM box. Do a search for this term to find some other tips on setting up this piece.
Take care,
Stephen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Stephen,
Thanks for you inputs.
Like you mentioned, I have double checked the below in the profile parameter:
icm/HTTPS/verify_client = 0
ssf/name = SAPSECULIB
ssf/ssfapi_lib = $(ssl/ssl_lib)
sec/libsapsecu = $(ssl/ssl_lib
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
We are using windows 2003 64 bit server:
icm/server_port_0 = PROT=HTTP,PORT=80$$
icm/server_port_1 = PROT=SMTP,PORT=25,TIMEOUT=300,PROCTIMEOUT=600
Please let me know if the values set in above profile parameters are correct.
If I specify <path to sapcrypto.dll> in the below parameters, I am unable to start the instance Dispatcher stops:
ssf/ssfapi_lib = <path to sapcrypto.dll>
sec/libsapsecu = <path to sapcrypto.dll>
ssl/ssl_lib = <path to sapcrypto.dll>
Please advice
Dave
Dave,
Well the only thing you look like you are missing is the HTTPS service definition. Not required for SSO, but definitely a must.
Now keep in mind we fully specify the paths to the sapcrypto.dll in our system. Your ssf/name parameter looks fine. All our parameters are specified in the instance profile
I'm still guessing that upon startup the crypto library can't be found. Review the startup logs in SMICM to verify that there are no error messages regarding the installation of the library. If you don't see this, verify that the system PSE is generated in transaction strust
Take care,
Stephen
User | Count |
---|---|
7 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.